Abstract: A system for assessing a computer device's state may collect state data about the device, then assess the state with respect to the policy for granting one or more claims. Each claim may be defined by a set of requirements that, if fulfilled, may be used to permit or deny access to a resource, such as an application, network, data, or other resource. A collection engine may reside on the device or other location and may collect requested data, and some collection engines may be extensible with a plugin architecture for expansion. A server may receive information from the device to evaluate claims. Depending on the use scenario, the claim results may be incorporated into communications and passed to an evaluator that may produce an access token which is used to permit or deny access based on the claim results.

Abstract: Systems, methods, and computer storage media having computer-executable instructions embodied thereon that maintain privacy during user profiling are provided. A profiling service receives, from a first device, rules for profiling a user. The rules were encrypted using a private key. The profiling service also receives, from a second device, user data. The user data was encrypted using a public key communicated to the second device by the first device. The profiling service then matches the encrypted rules with the encrypted user data, and based on the matching, generates a profile for the user. In embodiments, such a user profile can be utilized to deliver personalized digital content to a user.

Abstract: A system for assessing a computer device's state may collect state data about the device, then assess the state with respect to the policy for granting one or more claims. Each claim may be defined by a set of requirements that, if fulfilled, may be used to permit or deny access to a resource, such as an application, network, data, or other resource. A collection engine may reside on the device or other location and may collect requested data, and some collection engines may be extensible with a plugin architecture for expansion. A server may receive information from the device to evaluate claims. Depending on the use scenario, the claim results may be incorporated into communications and passed to an evaluator that may produce an access token which is used to permit or deny access based on the claim results.

Abstract: Methods, systems, and computer-readable media for facilitating personalization of web content is provided, while protecting the privacy of the user data utilized to personalize the user's experience. A privacy vault may collect user data including user activity data, demographic data, and user interests submitted by a user. In one embodiment, the privacy vault operates on a user client device. The privacy vault sends the user data to a community vault that collects user data from multiple users. The community vault generates segment rules that whether a user belongs to a user segment, which expresses a user's interest. The segment rules are then communicated back to the privacy vault, which assigns one or more user segments to the user based on the user data available to the privacy vault and the segment rules. The privacy vault may communicate user segments to one or more content providers that supply personalized content that is selected based on the user segments provided.

Abstract: Systems, methods, and computer storage media having computer-executable instructions embodied thereon that maintain privacy during user profiling are provided. A profiling service receives, from a first device, rules for profiling a user. The rules were encrypted using a private key. The profiling service also receives, from a second device, user data. The user data was encrypted using a public key communicated to the second device by the first device. The profiling service then matches the encrypted rules with the encrypted user data, and based on the matching, generates a profile for the user. In embodiments, such a user profile can be utilized to deliver personalized digital content to a user.

Abstract: Methods, systems, and computer-readable media for facilitating personalization of web content is provided, while protecting the privacy of the user data utilized to personalize the user's experience. A privacy vault may collect user data including user activity data, demographic data, and user interests submitted by a user. In one embodiment, the privacy vault operates on a user client device. The privacy vault sends the user data to a community vault that collects user data from multiple users. The community vault generates segment rules that whether a user belongs to a user segment, which expresses a user's interest. The segment rules are then communicated back to the privacy vault, which assigns one or more user segments to the user based on the user data available to the privacy vault and the segment rules. The privacy vault may communicate user segments to one or more content providers that supply personalized content that is selected based on the user segments provided.

Abstract: A method and system for controlling access to a message queue in a message queuing system utilizes a certificate of a user who sends a message to authenticate the message and uses a directory service of the message queuing system as a trusted entity in the authentication process. The certificate used for message authentication may be an internal certificate issued by the message queuing system or an external certificate issued by a certification authority. The certificate is registered with the directory service of the message queuing system and stored with a security identification (SID) of the user. When the user runs an application which sends a message to a target queue, the sending computer signs the message with a private key associated with the certificate and sends the message with the digital signature and the certificate to the receiving computer. When the receiving message queue (MQ) server receives the message packet, it verifies the digital signature of the message.